Internet criminals are getting more and more inventive with their social engineering attacks. Here are two examples of fake Apple invoices. The first is an example from the Sophos blog showing a $699.99 charge for a postcard. The link "View/Download" ends in download.jpg.exe, while the "Cancel" and "Not your order" URLs end in check.php. The smart social engineering in these fakes is that the victim gets scammed either way, whether you are curious what this is about or upset with this seemingly unauthorized charge, you are still likely to click one of the links:
[caption id="Fake Apple Invoice 1" align="aligncenter" width="600"]Fake Apple Invoice 1[/caption]
This second fake invoice is an example that comes from the KnowBe4 simulated phishing attack templates database. Our customers get a few dozen ready-made templates they can send to their users after all users get security awareness training and see who opens and who clicks, so that action can be taken in the sense of additional training or a chat with that user's supervisor or HR. We track all opens and clicks of these simulated attacks so you can see the vastly improved scores over a period of time.
[caption id="Fake Apple Invoice 2" align="aligncenter" width="600"]Fake Apple Invoice 2[/caption]
[caption id="Fake Apple Invoice 1" align="aligncenter" width="600"]Fake Apple Invoice 1[/caption]
This second fake invoice is an example that comes from the KnowBe4 simulated phishing attack templates database. Our customers get a few dozen ready-made templates they can send to their users after all users get security awareness training and see who opens and who clicks, so that action can be taken in the sense of additional training or a chat with that user's supervisor or HR. We track all opens and clicks of these simulated attacks so you can see the vastly improved scores over a period of time.
[caption id="Fake Apple Invoice 2" align="aligncenter" width="600"]Fake Apple Invoice 2[/caption]